| Article No° | Product Name | Affected Version(s) |
|---|---|---|
| AC1.2 | >06.00.00 < 06.09.04 | |
| MEC 03.01 | < 01.02.00 | |
| PROFOX | < 01-01.10.00 | |
| SGx/SVx | >03.00.00 < 03.05.01 | |
| TIGRON | < 01-01.09.00 | |
| TIGRON SIL | < 02-01.01.00 |
Sending too much data in the service telegram of AUMA actuators leads to a buffer overflow in the actuator controls. Depending on the actuator, the service telegram is transmitted either via Bluetooth or RS232
An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.
A buffer overflow can lead to an unexpected behaviour e.g. to restart of the actuator controls.
Mitigation
As the Bluetooth interface or the alternatively available RS-232 interface is not required for normal operation, it is advisable to only activate it or only use it when it is required, e.g. when configuring the actuator or reading diagnostic data. It should be deactivated under normal operation conditions.
Remediation
For actuators with Bluetooh, it is recommended to update the firmware of the actuator controls to a new version in order to avoid a buffer overflow. For actuators without Bluetooth, it is recommended to restrict physical access to the actuator and/or update the firmware if possible.
CERT@VDE coordinated with AUMA Riester
Reporting: Dennis Schaefer from ONEKEY GmbH